Another way to secure a Nessus scanner is to completely disable
login/password Nessus accounts and use only key exchanges.
You can achieve this by removing all "hash" files under the users
directory.

Cordialement / Mit freundlichen Grüßen / Best regards, 
_____________________________________________
Patrice Arnal
ISS - DataCenter – E&S 
Mailto: [EMAIL PROTECTED] 
_____________________________________________



"Jim Hendrick" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
14/09/2006 12:44

To: <[EMAIL PROTECTED]>, <[email protected]>
cc:
Subject: RE: Securing nessusd

For your box, look at using iptables.

Set up a simple rule to allow the hosts/networks you want to connect and
allow the rest to drop through to the (hopefully already existing) deny
all.

Syntax is pretty straightforward and if you run it from the command line
it will not survive reboots so you can "undo" your changes.

Also look at iptables-save and iptables-restore to preserve your existing
state.

Later,
Jim

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Derwael
> Sent: Thursday, September 14, 2006 4:05 AM
> To: [email protected]
> Subject: Securing nessusd
> 
> 
> Hi list,
> 
> I'm in the process of securing my Nessus scanner.
> Currently, the scanner runs with the default startup options 
> (-D -q), which makes it accessible by anyone. I want it to 
> reject any connection attempt, except from 2 IPs (adding the 
> -a option)
> 
> The scanner's IP (on a RedHat box) is x.y.z.218, and I'm 
> running NessusWX on x.y.z.219. When I start the daemon with 
> "nessusd -D -q -a x.y.z.218,x.y.z.219", it rejects every 
> connection, including those from x.y.z.218/219.
> 
> Does that mean that -a only accepts one single IP, or am I 
> doing something wrong ?????
> 
> 
> -- 
> Web and Co
> Patrick Derwael
> Rue Hubert Larock, 20
> 4280 Hannut
> email: [EMAIL PROTECTED]
> http://www.webandco.be
> 
> _______________________________________________
> Nessus mailing list
> [email protected] http://mail.nessus.org/mailman/listinfo/nessus
> 


_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
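
The iptables approach suggested in this thread, sketched as an added example that is not part of the original messages: it generates an allow-list for the nessusd port, keeps a saved copy of the existing state via iptables-save, and only prints the commands unless APPLY=1 is set. It assumes nessusd listens on its default TCP port 1241; the chain name NESSUSD, the backup path and the 192.0.2.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example. Assumptions: nessusd listens on TCP 1241 (its default port);
# the chain name, backup path and 192.0.2.x addresses are constructed.
NESSUS_PORT="${NESSUS_PORT:-1241}"
CHAIN="NESSUSD"
BACKUP="${BACKUP:-/root/iptables.before-nessusd}"

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the iptables commands, one per line, for the allowed client IPs.
nessus_rules() {
    [ "$#" -gt 0 ] || { echo "no client addresses given" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for ip in "$@"; do
        echo "iptables -A $CHAIN -s $ip -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain in last, so it is complete before traffic reaches it.
    echo "iptables -I INPUT -p tcp --dport $NESSUS_PORT -j $CHAIN"
}

# Dry run by default. With APPLY=1 (as root): save the current state with
# iptables-save, then run the commands; undo with iptables-restore < $BACKUP.
apply_nessus_rules() {
    rules=$(nessus_rules "$@") || return 1
    if [ "${APPLY:-0}" != 1 ]; then printf '%s\n' "$rules"; return 0; fi
    iptables-save > "$BACKUP" || return 1
    printf '%s\n' "$rules" | while read -r cmd; do $cmd || exit 1; done
}

apply_nessus_rules 192.0.2.218 192.0.2.219   # constructed addresses
```

Each client address is passed as a separate argument; a comma-joined string is rejected by the address check rather than silently producing a rule that matches nothing.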

